- This policy applies to ABC to read, its staff trustees and volunteers.
- The Trustees recognise their overall responsibility for ensuring that ABC to read complies with its legal obligations.
- The purpose of this policy is to enable ABC to read to:
- comply with the law in respect of the data it holds about individuals;
- follow good practice;
- protect ABC to read’s, staff, trustees, volunteers and other individuals
- protect ABC to read from the consequences of a breach of its responsibilities.
The General Data Protection Regulation “GDPR”
- The GDPR controls how your personal information (data) is used (processed) by ABC to read.
- ABC to read is a data controller and must ensure that any processing of personal data complies with the Act.
- The Chief Operating & Development Officer (CODO) is the Data Protection Officer, along with a member of the board; with the following responsibilities:
- Briefing the Trustees on Data Protection responsibilities
- Reviewing Data Protection and related policies
- Advising other staff on Data Protection issues
- Ensuring that Data Protection induction and training takes place
- Handling subject access requests
- Approving unusual or controversial disclosures of personal data
- All staff, trustees and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Principles of General Data Protection
- The GDPA sets out the data protection principles to which ABC to read will adhere.
All data will be processed:
- Fairly and lawfully and will not be processed unless either
- You have consented to the processing
- The processing is necessary because
- it is in relation to a contract you have entered into, or
- because of a legal obligation
- For a specified and lawful purpose/s and not further
- Adequately, relevantly and not be excessive
- Accurately and kept up to date
- Not kept longer than necessary
- In accordance with the data subject’s (your) rights
Access and disclosure
Staff and volunteers have a right to know what information is kept about them. Equally they are entitled to expect that the confidentiality of this information is respected and that it is disclosed in limited circumstances. ABC to read expects that privacy, data protection and confidentiality of personal information are taken seriously. Staff and volunteers must sign a confidentiality statement (see Staff and Volunteer Policies and Procedures).
Records will be held securely. Documents are kept in lockable, non portable storage containers and information stored electronically can only be accessed with a password. Any electronic transfer of information, for example by email, will only be with the specific consent of the person whose data is being transferred. Access to all data is restricted to the CODO or any persons nominated by the CODO who has read and agreed to operate in accordance with this policy.
Retention of records
Details of applications made to ABC to read should be kept for the following periods and then destroyed by shredding:
- Applicants (staff or volunteer) who are not interviewed: 4 months from the date on which the application is received.
- Applicants (staff or volunteer) who are short listed or interviewed but unsuccessful: 4 months from the date on which applicants are informed of the appointment decision.
- Disclosure information provided by the Criminal Records Bureau: 6 months from receipt, which allows for any dispute about the accuracy of a Disclosure or a recruitment decision to be made and considered. See ABC 7 for DBS Disclosure policy statement and Code of Practice (Disclosure information pack)
- If records are retained for future consideration in the event of a further vacancy, applicants should be advised and given an opportunity to object.
When a volunteer finishes volunteering with ABC to read their details should be kept for 4 months and then destroyed as above. This includes their equal opportunities monitoring form, which is filed separately from their other details. The exception to this is if a volunteer has had an accident while volunteering with the organisation in which case their details should be kept for 3 years in case of a personal injury claim.
Staff files should be held for 3 years after a staff member leaves and then destroyed. They are held for that period in case of personal injury or minimum wage claims and for reference purposes.
All records should be regularly brought up to date and any out of date information deleted or removed from files.
No personal data will be collected from the children we work with unless in exceptional circumstances, when we may, in accordance with our Child Protection/Safeguarding Policy and our commitment to protect vulnerable children from all forms of exploitation and abuse, share details, including personal data, relating to serious breaches of our Child Protection/Safeguarding Policy and procedures with statutory authorities such as the police, the Serious Organised Crime Agency (SOCA), the Child Exploitation and Online Protection Agency (CEOP) and the Charity Commission.
GDPR Appendices : Opt Out for ABC to read’s communications, Freedom of Information Register, Internal Data Breach, Home Working Policy, Privacy Statement